package com.zhangquancheng.shirodemo.controller;

import com.zhangquancheng.shirodemo.entity.TbUser;
import com.zhangquancheng.shirodemo.service.TbUserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * @Author: zhangquancheng
 * @Description:
 * @Date: 2022/7/14 1:21 下午
 */
@Controller
public class LoginController {

    @Autowired
    TbUserService tbUserService;


    /**
     * @Description 登陆页面
     */
    @RequestMapping({"/toLogin","/"})
    public String toLogin(Model model){
        return "login";
    }


    /**
     * @Description 首页页面
     */
    @RequestMapping({"/user/login"})
    public String login(String username,String password,Model model){
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username,password);
        try{
            subject.login(usernamePasswordToken);
        }catch (UnknownAccountException e1){
            model.addAttribute("message","账号不存在。");
            return "login";
        }catch (IncorrectCredentialsException e2){
            model.addAttribute("message","密码不正确。");
            return "login";
        }catch (AuthenticationException alle){
            return "login";
        }
        model.addAttribute("message","登陆成功，欢迎来到梦幻课堂。");
        return "user/index";
    }


    /**
     * @Description 管理员页面
     */
    @RequestMapping({"/user/admin"})
    public String toAdmin(Model model){
        model.addAttribute("message","欢迎来管理员页面");
        return "user/admin";
    }


    /**
     * @Description 管理员按钮
     */
    @RequestMapping({"/user/adminButton"})
    public String toAdminButton(Model model){
        model.addAttribute("message","管理员操作成功");
        return "user/success";
    }


    /**
     * @Description 开放页面 需要具有superadmin权限才可以
     * @RequiresAuthentication 是否登录
     * @RequiresUser 表示当前Subject已经身份验证或者通过记住我登录的
     * @RequiresGuest 表示当前Subject没有身份验证或通过记住我登录过，即是游客身份
     *
     * @RequiresRoles(value={“admin”, “user”}, logical= Logical.AND)
     * @RequiresRoles(value={“admin”})
     * @RequiresRoles({“admin“})
     * 表示当前Subject需要角色admin 和user
     *
     * @RequiresPermissions (value = { “ user : a ”, “ user : b ” }, logical = Logical.OR)
     * 表示当前Subject需要权限user:a或user:b
     *
     * 注意：如果service层使用了spring的事物注解，那么shiro注解将无效。
     */
    @RequiresRoles({"superadmin"})
    @RequestMapping({"/user/open"})
    public String toOpen(Model model){
        model.addAttribute("message","欢迎来开放页面");
        return "user/open";
    }


    /**
     * @Description 查询成功
     */
    @RequestMapping({"/user/query"})
    public String toQuery(Model model){
        model.addAttribute("message","查询成功");
        return "success";
    }


    /**
     * @Description 添加成功
     */
    @RequestMapping({"/user/add"})
    public String toAdd(Model model){
        model.addAttribute("message","添加成功");
        return "success";
    }

    /**
     * @Description 修改成功
     */
    @RequestMapping({"/user/update"})
    public String toUpdate(Model model){
        model.addAttribute("message","修改成功");
        return "success";
    }


    /**
     * @Description 无权限页面
     */
    @RequestMapping({"/403"})
    public String to403(Model model){
        model.addAttribute("message","对不起无权限");
        return "403";
    }


    /**
     * @Description 细增用户
     */
    @RequestMapping("addUser")
    public String add(@RequestBody TbUser user, Model model) {
        // shiro 自带的工具类生成salt
        String salt = new SecureRandomNumberGenerator().nextBytes().toString();
        //加密次数
        int hashIterations = 1;
        // 算法名称
        String algorithmName = "MD5";
        String newPassword = new SimpleHash(algorithmName,user.getPassword(),salt,hashIterations).toString();
        //保存新密码、盐值
        user.setPassword(newPassword);
        user.setSalt(salt);
        if (tbUserService.save(user)>0){
            model.addAttribute("message","新增成功，使用新用户登陆吧。");
        }
        return "login";
    }

}
